This is another typical pseudo-Darkleech to Neutrino EK infection chain. Below we can see the pseudo-Darkleech code injected in the compromised site. The tag contains the URL for the Neutrino EK landing page:

The landing page shows the URI for the Flash exploit:

Here is the GET for the SWF exploit:

Followed by the usual GET for an empty HTML:

The last request to the EK is for the CryptMIC payload:

Some CryptMIC files are found in %APPDATA%:

Once the machine is infected there are ransom notes dropped on the Desktop and in numerous folders.

Here is a look at the post-infection traffic, however, the server appears to be unresponsive: